Certified Information Security Manager (CISM) — Question 109

An organization's senior management is encouraging employees to use social media for promotional purposes. Which of the following should be the information security manager s FIRST step to support this strategy?

Answer options

• A. Incorporate social media into the security awareness program.
• B. Develop a guideline on the acceptable use of social media.
• C. Employ the use of a web content filtering solution.
• D. Develop a business case for a data loss prevention (DLP) solution.

Correct answer: B

Explanation

The correct answer is B, as creating a policy on acceptable social media use lays the groundwork for safe practices. Option A, while important, is a secondary step that follows the establishment of guidelines. Options C and D are not directly related to supporting the promotion strategy but rather focus on filtering content and preventing data loss, which are not the immediate priorities in this context.